[Samba] Re: preeexec and samba

Joel Hammer Joel at HammersHome.com
Sat Jun 28 00:02:39 GMT 2003


Well, you can run smbstatus from the preexec script.

You can grep out the name of the user connecting and compare it to
the %U or %u variable sent during the login to $IPC. This could get
complicated. For example, your script would depend, maybe, on whether
you have security = share or security = user.

Here is a possibly useful tool for figuring out what you want. This smb.conf
share, with the script Hello, captures all the variables passed when a user
logs on. This may help you write your script. With the results of this
script and the output of smbstatus, you could really fine-tune what you
allow.
With care, just cut and paste this into your smb.conf file.

Joel


[public]
        comment = Root directory
        path = /
        read only = no
        create mask = 0777
        exec = rm /tmp/Hello;echo \"m %m \" \"G %G \" \"I %I \" \"L %L \" \"M %M \" \"N %N \" \"R %R \"                         \"T %T \" \"U %U \" \"a %a \" \"d %d \" \"h %h \" \"p %p \" \"v %v \"                         \"H %H \" \"P %P \" \"S %S \" \"g %g \" \"u %u \"  | xargs -n1 /usr/local/samba/bin/Hello;\
              echo This is my home %$(HOME) >> /tmp/Hello


The script Hello is as follows:


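#!/bin/bash
 # $1 is one "<letter> <value>" pair handed over by xargs, e.g. "m hammer10 "
 # squeeze repeated spaces
 i=`echo "$1" | tr -s " "`
 # first field: the substitution letter
 index=`echo "$i" | cut -d" " -f1`
 # the rest: the expanded value
 value=`echo "$i" | sed 's/^. //'`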
 case $index in
   m )  message="client machine NetBios name = $value";;

   M )  message="Internet DNS of client= $value";;

   I )  message="IP address of client = $value";;

   a )  message="Architecture of remote machine= $value";;

   U )  message="Session user name (one the client wanted)= $value";;

   L )  message="Netbios name of server = $value";;

   h )  message="Internet DNS hostname of server= $value";;

   R )  message="Protocal level = $value";;

   v )  message="Samba version= $value";;

   T )  message="Current time and date= $value";;

   G )  message="Primary goup name of U = $value";;

   N )  message="NIS home directory= $value";;

   d )  message="Process ID of current server= $value";;

   p )  message="Path of services home directory from NIS= $value";;

   H )  message="Home directory of user in u= $value";;

   P )  message="Root directory of current service = $value";;

   S )  message="Name of current service = $value";;

   g )  message="Primary group name of u in share = $value";;

   u )  message="User name of current service = $value";;
esac
echo $message \(\%$index\) >> /tmp/Hello


The output should look like this:

client machine NetBios name = hammer10 (%m)
Primary goup name of U = ftp (%G)
IP address of client = 192.168.1.10 (%I)
Netbios name of server = jhammer6 (%L)
Internet DNS of client= hammer10.jhammer.org (%M)
NIS home directory= jhammer6 (%N)
Protocal level = NT1 (%R)
Current time and date= 2003/06/26 06:56:28 (%T)
Session user name (one the client wanted)= anonymous (%U)
Architecture of remote machine= Samba (%a)
Process ID of current server= 13089 (%d)
Internet DNS hostname of server= jhammer6 (%h)
Path of services home directory from NIS= (%p)
Samba version= 2.2.1a (%v)
Home directory of user in u= /home/ftp (%H)
Root directory of current service = / (%P)
Name of current service = public (%S)
Primary group name of u in share = ftp (%g)
User name of current service = ftp (%u)
This is my home /home/jlh

This is what I get when I log on as user jlh but ask for guest access,
with the guest account being ftp.
Note, you have the process ID of the connection. That could be killed with
kill -15 %d if you wanted to.

Joel


> I am the person who wrote to the list about preventing lots of users
> logging on as themselves more than once.
> I can probably figure out how to work preexec but I am very confused about
> how to write the script so it checks for a user, and if that user exists in
> the smbstatus list, deny the second user from logging on.
> Usernames are just added to the smbpassword file using the -a switch for
> each user, the passwords are of course encrypted.
> Sorry for writing you privately but I really need this problem solved and I
> am not at that location where I subscribed but I am able to check mail.
> Thanks a lot for trying the preexec command.
> I will read about it in docs.
> 
> 
> 
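
Added example, not part of the original message or of Samba: a sketch of the preexec check discussed in this thread, refusing a connection when smbstatus already lists the same user under a different smbd process. The script path, the use of %u and %d as arguments, the "preexec close = yes" wiring and the column layout of "smbstatus -b" are assumptions, and the sample session table is constructed.

```bash
#!/bin/bash
# Assumed smb.conf wiring (hypothetical script path):
#   preexec = /usr/local/samba/bin/one_session %u %d
#   preexec close = yes    # a non-zero exit from preexec refuses the connection

# Count sessions of user $1 whose smbd PID is not $2.
# Reads "smbstatus -b" style text on stdin: PID, username, machine, login time.
# Exact field comparison, so "jl" does not match "jlh" as a plain grep would.
other_sessions() {
    awk -v user="$1" -v self="$2" '
        $1 ~ /^[0-9]+$/ && $2 == user && $1 != self { n++ }
        END { print n + 0 }'
}

# allow_login USER PID STATUS_TEXT: return 0 to allow, 1 to refuse.
allow_login() {
    # The name originates from the client: accept plain account names only.
    case $1 in
        ''|*[!A-Za-z0-9._-]*) return 1 ;;
    esac
    case $2 in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$(printf '%s\n' "$3" | other_sessions "$1" "$2")" -eq 0 ]
}

# Constructed sample of brief smbstatus output (layout assumed, values invented).
SAMPLE='Samba version 2.2.1a
PID     Username  Machine                        Time logged in
-------------------------------------------------------------------
13089   jlh       hammer10                       Thu Jun 26 06:56:28 2003
13102   ftp       hammer11                       Thu Jun 26 07:01:10 2003'

# Called by smbd with two arguments: check the live session table.
if [ "$#" -eq 2 ]; then
    status=$(smbstatus -b 2>/dev/null) || exit 1   # fail closed if unreadable
    allow_login "$1" "$2" "$status"
    exit $?
fi
```

The connecting process's own PID is excluded because that smbd may already appear in the table by the time preexec runs.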


